Data Exploiter (TS/SCI with Poly Required)

About The Position

Requirements

• Strong knowledge of common cyber attack methodologies (e.g., MITRE ATT&CK, kill chain models).
• Strong knowledge of TCP/IP communications.
• Proficiency with commercial and open-source threat intelligence tools, such as:
• SIEM (e.g., Splunk, Elastic Stack)
• Network traffic analysis tools (e.g., Zeek, Suricata, Wireshark)
• Threat intelligence platforms (e.g., ThreatConnect, Anomali)
• OSINT tools (e.g., Maltego, Shodan, Censys)
• Endpoint detection and response (EDR) tools (e.g., CrowdStrike, Carbon Black)
• Malware analysis tools (e.g., VirusTotal, Hybrid Analysis)
• Strong analytical skills to identify patterns, anomalies, and relationships between cyber threat events.
• Ability to articulate complex technical findings in clear, accessible briefings and reports.
• Strong written and verbal communication skills, with an emphasis on briefing senior leadership and non-technical stakeholders.
• Experience in creating threat intelligence reports and providing actionable recommendations.
• 5 + years of related experience
• US Citizenship Required
• Clearance Level Must Currently Possess: Top Secret SCI + Polygraph
• Clearance Level Must Be Able to Obtain: Top Secret SCI + Polygraph

Nice To Haves

• Understanding of malware behaviors and basic reverse engineering concepts.
• Experience with automated threat hunting and scripting (e.g., Python, PowerShell).
• Familiarity with cloud environments (e.g., AWS, Azure) and associated cyber threats.
• Experience in a Security Operations Center (SOC) or Incident Response role.
• Experience extracting information of foreign intelligence, counterintelligence and targeting value from digital data.
• Experience producing products that inform operations, drive targeting and collection, contribute to intelligence products, and support multiple customer needs.

Responsibilities

• Track and monitor cyber actors, their activities, and infrastructure to identify potential threats and vulnerabilities.
• Utilize industry-standard commercial and open-source tools for threat intelligence gathering and analysis.
• Conduct proactive threat hunting to uncover malicious activity, indicators of compromise (IOCs), and tactics, techniques, and procedures (TTPs).
• Chain cyber threat events across multiple data sources to build coherent threat narratives and timelines.
• Analyze network traffic, logs, and endpoints to identify malicious behaviors and anomalous activities.
• Develop actionable intelligence reports and briefings for both technical and non-technical stakeholders.
• Collaborate with incident response, SOC, and other security teams to correlate findings and provide context.
• Maintain an understanding of emerging cyber threats and trends, adjusting hunting techniques accordingly.
• Communicate threat findings and intelligence through clear, concise briefings and visualizations

Benefits

• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.
• We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.